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REMARKS 

Reconsideration of the application i$ respectfully requested for the following 



reasons: 



1. 



No. O.902 .2Q2 iVeil) 

This rejection is rcspectfiilly traversed on the grounds that the Veil patent neither 
discloses nor suggests using a smartcard. as opposed to a security co-processor, to perfom all 
digital signing operations that require access to aprivate key. In the system of Veil, the security 
co-processor 122 or "file signing tool" retrieves the private key fiom the smart card before 
perfi)nmng a signing operation using the key. 



on or 



The security co-processor 122 of Veil is clearly not, as alleged by the Examiner, 
part of the smart card. Instead, it is a separate device with an interface for communicating with 
the smart card. This is exactly contraiy to the claimed invention, which seeks to protect the 
private key by keeping it on the smartcaid and having the smartcanj perform all operations that 
might compromise the key. Retrieval ofthe private key is precisely the type of exposure that the 
claimed invention seeks to avoid. 

A side-by-side comparison reveals the difference: 

Claimed y^jn 

SLt^it^^d"^''' '"^"^ """'^ file signingtool (security co-p«»cessor 122) 

u caiu, retrieves key fix>m smart card; 

the smartcard performs ail digital signing the file signing tool performs aU disUal 

o^atu,ns that require access to aprivate signing operalns th^ ri^uirl ^JsHo a 

^* private key. 

the results ofthe operations requiring access 
to a private key are sent back to the file 
signing tool so that the file can be signed 
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According to the claimed invention, the private key never leaves the smartcaid, and the file 
signing tool does not have access to the key. Instead, the file signing tool merely supplies data 
to the smartcard. which carries out any operations on thedatathat involve the key. and then sends 
back the results of the operations to the file signing tool for completion of the signing operation. 
This permits use of a file signing tool that may not be completely trustworthy without 
compromising private keys on the smartcanL 

The Veil patent does recognize the vulnerability of the private key. but seeks to protect 

the private key through the use of PIN protection of the security co-piocessor. Unfortunately. 

in real life. PINs can be stolen or. even worse, the employee entrusted with the PIN might be 

corrupt. None of this bothers Veil, as is made clear fiom col. 1 1, lines 28-35: 

nus. in operation, the system in accordance with the present invention, reads 
from the smart card the account number, the digital certificate and, optionally 

tfieprivate-keyimothesecurityco-processor(]22).andthenUpromptsthesmat^ 
card owner to enter the PIN via the trusted input device (130). 

In contrast to the claimed invention, Veil ttusts the input device, and therefore believes the 
security co-processor to be secure enough to handle the private key. As a result. Veil ««>.th^r 
discloses mr suggests havinfr the smart r-«rH jtself. «p pn« M to an «.vt^m^l co.nroce^snr 
perform operations i^AVQlyjnff the private t re y . While the private key is "optional" to the extent 
that it may be omitted entirely, if the private key is used, it is transferred to the security co- 
processor, which is part of a "secure computing environment" (col. It, line 39). This is 
fimdamentally different fiiom and contrary to the claimed invention. 

hi die rejection, the Examino- par^hrases the claim language by stating that: 
Veil tMches a smartcard having stored thereon a private key (Veil, column 1 1 
hws 23-28. privatekey). afile signing toot arranged to receive afile to be signed 
(Veil, column 11. lines 1-11, data is captured and signed), to access the 
smartcard (Veil, column 11. lines 45-52), and to download signed files to the 
terminal (Veil, column 11. line 66 - column 12. line 3). 

This comparison by the Examiner of the claimed invention andVeil does nsj include an accurate 
statement of what is claimed. Instead, it ignores the language specifically included in claim 1 , 
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therein the smartcard includes an embedded secure processor programmed to perform all 
digUal signing operations thai require access to the private k^r Veil cleariy does not suggest 
this positively recited feature of the invention, which is extensively discussed in the original 
specification. As explained in lines 15-17 on page 5 of the original specification, a potential 
weakness of file signing tools of the type disclosed by Veil "lies in protection of the private key 
used to sign the files." Therefore, according to pages 5^6 of the original specification: 
. . . fVhen a digital signature is required, the PIN is entered and verified, and the 
private key is decrypted and accessed by a computing device which performs the 
computations necessary to generate the digital signature. Asaresult, theprivate 
key is vulnerable to duplication during the signing procedure. 

This is the problem that is solved by having the smartcard itself perform all operations that 
require access to the private key. It is a problem to which the file signing tool of Veil is clearly 
vuhierable. If the legitimate holder of the PIN described in the Veil patent is not trustworthy, or 
if the PIN has been stolen, the private key of Veil can easily be duplicated because access to the 
private key is permitted via the PIN that unlocks the smartcard. 

Aspointedout in theprevious response, the Veil patent mentions thepossibilityofhaving 
the smartcard performing all security fimctions. However, Veil dismisses the possibility on 
grounds of cost and practicaUty (col. 1 , line 66 to col. 2, line 7), and instead specificaUy teaches 
away from the approach taken by the claimed invention by teaching the addition of a security 
co-processor that retrieves the private key fii>m the smartcard. Whereas the claimed invention 
seeks to preclude access to the private key by any external processor. Veil speciflcally 
teaches a security co-processor designed to perform aU processing operations, including 
operations involving the private key. This security co-nrocessnr yell Is NOT »n tiw> 
smartcard ttfetf, whereas claimed 1 .p ^fflr^n y calls for havrng the sn«.rtra,^ <#..if 
perform all operatio ns involving the nrivnfa 

Accordingty. it is respectfully submitted that the new rejection of claims 1-4, 6, 1 1. and 
13-17 under 35 USC § 102(b) in view of the Veil patent is improper and withdrawal of the 
rejection is respectfiilly requested. 
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2- ReicctiQA of Claims S and 17 Under USC 6103fa-) in view of U.S. Patent Nf»..t 
6,092.202 r^ein and 5-6S9 fi1fi '^^^ ^ 

This rejection is respectfiilly traversed on the grounds that the Sudia patent, like the Veil 
patent, neither discloses nor suggests the combination of a file signing method in which a file 
signing tool is arranged to perform private key file signing operations without accessing the 
private key,asclaimed. by accessing a smartcaid that performs aU digital signing operations that 
require access to a private key. Instead. Sudia teaches having the smartcaid sign the file. 



The mefliods of Veil, Sudia, and the claimed invention may be summarized as follows: 





Sudia 


Veil 




File Sigoing Tool? 


No 


Yes 


Yes 


Tool Retrieves Key? 


N/A 


Yes 


No 


Comments 


Teaches having 
smaitcard perform 
all file signing 
operations 


Teaches away from 
smart card 
performing file 
signing operations 
on grounds of "cost 
and practicality*' 


Offers convenience of 
a separate file signing 
tool with the security 
of smartcaid key 
protection 



It is true that the system of Sudia discloses use of a smartcard to authenticate a transaction 
by providing a private key. However, the Apphcant has not claimed to have invented the concept 
of signing files by using a private key, and authenticating the files by means of a certificate that 
inchides the coinesponding pubKc key. histead, the invention is directed to the use of file signing 
tool that enables use of private key encryption to authenticate files being downloaded to a 
terminal, such as teiminal update programs. Sudia does not teach such a tool, while Veil teaches 
that if a file signing tool is used to sign files by means of a private key. the file signing tool 
should retrieve the private key fiom a smartcard. 



In Sudia, the smaitcard itself, rather than a file signing tool, signs the "trHnsactiou." 
rhere is no suggestion of a file signing tool of the type claimed. Use of the smartcard to sign 
Wactions" is appropriate in the context of Sudia, since transactions are files that contain 
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limited infoimation, such as amounts. In contrast, the claimed invention involves downloading 
of files of aibitrary size, such as operating program or database updates, to a transaction terminal 
rather than just signing of transactions. Since Sudia does not teach any sort of file signing tool, 
it could not have suggested modification of the file signing tool of Veil in the maimer claimed. 
Instead, Veil clearly teaches away bom a?»plying fiom the concept disclosed by Sudia, namely 
use of a smartcard for the entire file signing opwation, because a smartcard cannot perform the 
ext^sive calculations that might be necessary to sign a file of aibitrary sire. 

In summary, while it is true that Sudia teaches use of a smartcard to protect a private key, 
the claimed invention is not merely to protect a private key using a smartcard, but rather to 
provide atool that permits a smartcard-protected private key to be used to authenticate files being 
downloaded to a terminal while stfll protecting the private key. Veil does teach a file signing 
tool, but teaches away fiom combining it with a smartcard in the manner claimed, the Veil patent 
instead teaching that the file signing tool should retrieve the private key fiom the card in a 
"secure" environment. Because the Veil and Sudia patents do not disclose or suggest all 
elemaits recited in the claims corresponding to original independent claims and 1 and 11, 
withdrawal of the rejection under 35 USC § 102(b) is respectfliUy requested. 

In addition, it is again respectfiilly noted that Sudia and Veil patents fail to even disclose 
the termmal-installed certificate recited in claims 5 and 17, which is for use by the terminal in 
authenticating the signer certiflcate. According to item 17 on page 6 of the OfiScial Action, 
this feature is disclosed in col. 13, lines 30-41 of the Veil patent. However, the cited passage 
achiaUy refers to a cache of pre-verified signer certificates. In other words, the system of Veil 
stores pre-verified copies of the signer certificate, so that it otlly has to authenticate the signer's 
certificate one time, after which it merely checks to see if the received signer certificate is the 
same as a pre-verified one. This is not I he same as authenticating the signer certificate 
tfaemsejvea to protect against loading nf attempts to d o wnload lnfliith«itic ci>rrifiraf>. 
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Accordingly, withdrawal of the rejection of claims 5 and 17 under 35 USC §103(a) is 
respectfully requested. 

3. RcigCtieq of Claim 10 Under ^5 IJRC SI mf^\ in viaw nf TT S . Patent N» fi 009 70 ? 
(Vein and 'mg/i >l PrLn^^rdls Not A P ^ sswortP' ^^^w) 

This rejection is respectfully traversed on the grounds that the Weiss article, like the Veil 
patent, neither discloses nor suggests the combination of: 

(a) a smarteaid fliat pcrfoims aU operations involving the private key so that the file signing 

too! is not required to retrieve ttie private key from the smartcard; and 
(b> protection of the smartcard by multiple PINs.. 

Instead, the Weiss article discusses the use of security tokens and challenge response scripts to 
supplement conventional single PINs or passwords, such as the ones that Veil relies upon to 
protect private keys retrieved by the file signing tool (security co-processor 122). There is no 
suggestionin the Weiss publication of having a smartcard perfonn signing operations that might 
reveal a private key, while utilizing a file signing tool to perfonn the signing operation, nor is 
there is there a suggestion of using multiple PINs to protect access to the smartcard, as 
specifically recited in claim 10. 

The challenge response arrangement if Weiss is clearly not flie same as multiple PINs. 
PINs are numbers that are stored in the device for self-verification. m Weiss, a single PIN stored 
on the token is used to protect the token. The chaUenge-response protocol cited by the Examiner 
is not equivalent to the PIN. but rather is earned out by the controller of the terminal with which 
the token is to be used. As explained in the paragraph bridging pages 107-108 of the Weiss 
publication, entry of a ajnglg correct PINprovides access to a device. The challenge response 
routine does not even begin until after verification of the PIN, and involves encryption of the 
user's response by the token {i.e., the smartcard), access to the en..rvDtion devi^ h,vinp k.^ 
ffffltpd upon entrypf ti>Q PTN . The challenge-response routine verifies the token, rather than 

protecting access to the token. Thus,neither the password northechallenge-responsedisclosed 
by Weiss can be considered equivalent to multiple smartcaid-protecting PINs, as claimed. 
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Since the Weiss pubUcation does not disclose the multiple PINs of claim 1 0. withdrawal 
of the rejection of claim 10 under 35 USC §103(a) is respectfully requested. 

4- Rq>fitipn of Claim 20 Under 35 USC S10V«\ i n view of IT S Patent Nos. 6 097 707 
fY^g) and 5,7521 Jfjl (Deo\ and "When A Pnx^ o rdlsNot A Pn^sswnrd" AVri^^s) 

Hiis rejection is respectfully traversed on the grounds fliat the Deo patent, like the Weiss 
article and the Veil patent, neither discloses nor suggests a file signing tool, as claimed, that is 
ammged to perform the functions of receiving a file to be signed; signing the file by accessing 
a smartcard ^^^ithotareirieving a private key from thesmartcard. and downloading the signed file 
to a tenninal. Furthermore, the Deo patent, Uke the Veil patent and Weiss article, does not 
disclose the claimed requirement that multiple PINs be entered before access to the smartcard 
is granted. 

Instead, the Deo patent discloses a system in which a smartcard is inserted into a temiinal 
and exchanges certificates with a tenninal to provide mutual authentication, with different PINs 
and certificates assigned to different applications. There is no suggestion of the tenninal 
accessing the smartcard in order to sign a file for download to another terminal, and therefore the 
temiinal of Deo cannot be considered to correspond to the claimed file signing tool. 
Furthermore, there is no suggestion of the claimed multiple PINs for accessing the smartcard. 
Instead, Deo discloses that different PINs are used to protect different applications on the 
smartcard. In the system of Deo, to access any particular appUcation on the smartcard, only a 

is not the same as requiring entry ofmultipiff*^ before any access to the smartcard Is 
granted. 



Withdrawal of the rgectionof claim 20 under 35 USC § 103(a) is accordingly respectfully 
requested. 
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Having thus overcome each of the rejections made in the Official Action, withdrawal of 
the rejections and expedited passage of the application to issue is requested. 



Date; July 12, 2005 

BACON & THOMAS, PLLC 
625 Slaters Lane, 4tfi Floor 
Alexandria, Virgima 22314 

Telephone: (703) 683-0500 



Respectfully submitted. 



BACON & THOMAS. PLLC 



By: BENJAMIN RURCD^ 
Registration No, 33,805 
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